By Vitaliy Maksymets
What is the Crypto virus?
Cryptowall is a virus known as ransomware. When it infects your computer, it encrypts all of the files, and a ransom must be paid in order to retrieve them. The virus sets a time limit for paying the initial ransom of $500 in bitcoins. After the time period ends, the ransom doubles. The cryptovirus prevents any sort of tracking, which is why bitcoins are the only currency that is accepted. Communication with the virus creators is possible; it involves using a program called Tor or I2P, which keeps the location of the virus creator hidden and keeps the communication anonymous. When a computer gets the virus, the screen will look like this:
As you can see, it shows the cost of the ransom as well as the time given to pay it. It also shows how to acquire and pay with bitcoins. The virus offers to decrypt a file for free in order to show that its creators have the power to restore the files.
Origin of the Crypto virus.
The crypto virus was created by Gameover ZeuS. The amount extorted with the virus is about 3 million dollars. The virus has changed over time and is now at Cryptowall 3.0, which is more sophisticated than its predecessor, Cryptowall 2.0, because of the extra forms of security that it uses.
Experience with a client.
Here at Amvean we assisted a customer who needed to restore his files and pay the ransom. The virus allowed him to retrieve a single file in order to show that retrieval of the information was possible. The client had difficulty purchasing bitcoins, which caused the deadline to pass, and the ransom doubled. We assisted him in communicating with the virus makers, and they extended the deadline and reverted the amount needed to pay back to $500. After the ransom was paid, the virus sent a file containing the decryption code, allowing the client access to his files. Afterwards we removed any lingering traces of the virus which could possibly return and infect the computer again.
Ways of preventing paying the ransom and avoiding contacting the virus.
Paying the ransom could be out of the question for some users. One way of avoiding it is to back up one's work. It is important to unplug the backup once the backup is finished: if the backup is still connected to the computer when it gets infected, the virus could spread to the backup. Having an active antivirus installed will also help in preventing contact with the virus, as will avoiding email attachments from unknown or untrusted senders and staying clear of suspicious websites. Not paying the ransom is also an option, although it is then very unlikely that the encrypted files can be retrieved when the virus is removed.